CTFd is a Capture The Flag framework designed for creating and managing cybersecurity competitions and training exercises. The platform provides an administrative interface for creating challenges across multiple categories, with support for various challenge types and difficulty levels. Users can configure hints, flags, and scoring mechanisms through the web-based management system. The framework supports both static and regex-based flag validation, along with custom flag plugins for specialized challenge requirements. Challenge creators can implement attempt limits and automatic bruteforce protection to maintain competition integrity. CTFd accommodates both individual and team-based competitions, featuring dynamic scoring systems that adjust point values based on solve rates. The platform includes unlockable challenges that become available based on prerequisite completions or team progress. The system provides comprehensive scoreboard functionality with automatic tie resolution and score graphs for tracking participant progress over time. Content management capabilities support Markdown formatting for challenge descriptions and documentation. Email integration is available through SMTP and Mailgun services for participant communications and notifications. Team management features allow for group formation, member administration, and collaborative competition participation. File upload capabilities enable challenge creators to distribute necessary materials, tools, or datasets to participants. The plugin architecture allows for extensibility and custom challenge types beyond the standard offerings.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
A command-line tool for downloading Android APK files from the Appland platform via npm installation.
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
A lightweight CTF platform with simple setup and difficulty-based scoring that removes timezone advantages from competitions.
Free multi-platform database tool with support for various databases and rich features.
Docker file for building Androguard dependencies with an optional interactive shell environment.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.